Permissions in Control
Control provides a rich set of privileges. In this way, administrators can always assign the necessary privileges to each role. All available permissions in control are grouped into 4 categories:
- Access
- Administration
- Destructive
- Control
Administration and Destructive permissions always require an additional Access permission. Access, Administration and Destructive permissions manage cluster related functions while the Control permissions manage Control itself. The following sections explain how the different permissions work.
Access Permissions
Each access permission enables/disables the corresponding element in the UI of control. Access permissions are required to execute any kind of request.
List of all the available access permissions:
| Permission | Description |
|---|---|
| Access dashboard | Enables users to access report related endpoints and the dashboard menu. |
| Access apps | Enables users to access apps related endpoints and the apps menu. |
| Access processes | Enables users to access bpmn related endpoints and the processes menu. |
| Access cases | Enables users to access cmmn related endpoints and the cases menu. |
| Access forms | Enables users to access form related endpoints and the forms menu. |
| Access decisions | Enables users to access decision related endpoints and the decision menu. |
| Access content | Enables users to access content related endpoints and the content menu. |
| Access event-registry | Enables users to access event registry related endpoints and the event registry menu. |
| Access templates | Enables users to access template related endpoints and the templates menu. |
| Access actions | Enables users to access actions related endpoints and the actions menu. |
| Access engage | Enables users to access ENGAGE related endpoints and the ENGAGE menu. |
| Access data-objects | Enables users to access data object related endpoints and the data objects menu. |
| Access services | Enables users to access services related endpoints and the services menu. |
| Access users | Enables users to access users related endpoints and the users menu. |
| Access indexes | Enables users to access indexes related endpoints and the indexes menu. |
| Access housekeeping | Enables users to access housekeeping related endpoints and the housekeeping menu. |
| Access utilities | Enables users to access utilities related endpoints and the utilities menu. |
| Access system-info | Enables users to access system info related endpoints and the system info menu. |
| Access master data | Enables users to access master data related endpoints and the master data instances menu. |
| Access SLAs | Enables users to access SLA related endpoints and the SLA menu. |
Administration Permission
Each admin permission enables the user to call particular actions like deleting definitions or updating instance variables. However, all administration
permissions always require some additional access permission.
Example: The permission Modify instance requires either Access cases or Access
processes.
| Permission | Description |
|---|---|
| Upload new deployment | Enables users to upload deployment files. |
| Migrate instance | Enables users to migrate instance to different versions. |
| Modify instance | Enables users to modify instances. |
| Reindex instance | Enables users to reindex instances (one instance at a time) |
| Manage reindex | Enables users to reindex all instances at once. |
| Change state | Enables users to change the state of instances |
| Change task state | Enables users to change the state of task instances |
| Trigger event | Enables users to trigger events for instances |
| Move job | Enables users to move jobs |
| Execute job | Enables users to execute jobs |
| Create idm user | Enables users to create IDM users |
| Edit idm user | Enables users to edit IDM users |
| Edit idm user definition | Enables users to edit IDM user definitions |
| Create idm group | Enables users to create idm groups |
| Edit idm group | Enables users to edit idm groups |
| Modify sequences | Enables users to modify sequences |
| Import master data | Enables users to import master data |
Destructive Permissions
This category contains all actions that delete or terminate crucial data within the target cluster. Again, all destructive permissions require access permission
to work properly.
Example: The permission Delete instance requires either Access cases or Access processes.
| Permission | Description |
|---|---|
| Delete deployment | Enables users to delete deployments |
| Delete instance | Enables users to delete instances |
| Terminate instance | Enables users to terminate instances |
| Delete job | Enables users to delete jobs |
| Delete housekeeping job | Enables users to delete housekeeping jobs |
| Schema definition update database | Enables users to execute database update on schema definitions |
| Schema definition rollback database | Enables users to execute database rollbacks on schema definitions |
| Modify system-info | Enables users to modify the system information |
| Delete master data | Enables users to delete master data instances based on data object definition IDs |
Control Permissions
This category contains all permissions that are related to Control itself. Similar to Access,Administration and Destructive the Control permissions relay on each other.
Example: Access Control Cluster is required to add, edit or delete cluster configuration
| Permission | Description |
|---|---|
| Access control cluster | Enables users to access the Control cluster information |
| Add cluster | Enables users to add new cluster configurations |
| Edit cluster | Enables users to edit existing cluster configurations |
| Delete cluster | Enables users to delete cluster configurations |
| Access control users | Enables users to modify the system information |
| Create user | Enables users to create new Control user |
| Edit user | Enables users to edit existing Control user |
| Delete user | Enables users to delete Control user |
| Access control roles | Enables users to modify the system information |
| Create roles | Enables users to create new Control roles |
| Delete roles | Enables users to delete Control roles |
| Assign roles | Enables users to assign Control users to Control roles |
| Access control audit | Enables users to to access the audit log |
| Access control actuator | Enables users to to access the actuator |
| Modify license | Enables users to modify the license information |